cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12397,https://securityvulnerability.io/vulnerability/CVE-2024-12397,Cookies vulnerability could lead to unauthorized data access or modification,"A vulnerability in Quarkus-HTTP has been identified, where improper parsing of cookies occurs due to certain value-delimiting characters in HTTP requests. This issue enables attackers to create specially crafted cookie values that could facilitate the exfiltration of HttpOnly cookie values or allow the spoofing of arbitrary additional cookie values. These actions may lead to unauthorized access or alterations of sensitive data, significantly affecting the confidentiality and integrity of the data being handled.",Red Hat,"Cryostat 3,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Streams For Apache Kafka",7.4,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-12-12T09:05:28.451Z,0
CVE-2024-9621,https://securityvulnerability.io/vulnerability/CVE-2024-9621,Quarkus CXF Vulnerability: Hidden Passwords and Secrets at Risk,"A security issue exists in Quarkus CXF where sensitive information like passwords can be inadvertently logged, despite user configurations intended to keep these details hidden. This vulnerability requires specific configurations to be exposed, including the enablement of SOAP logging, along with the presence of user-set client and endpoint logging properties. Attackers with access to the application logs can exploit this flaw for unauthorized data access, highlighting the importance of stringent logging practices in application security.",Red Hat,Red Hat Build Of Apache Camel 4.4 For Quarkus 3.8,5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-08T16:26:09.155Z,0
CVE-2024-7885,https://securityvulnerability.io/vulnerability/CVE-2024-7885,Undertow ProxyProtocolReadListener Vulnerability,"A notable vulnerability exists in the Undertow HTTP server related to the handling of multiple requests over the same HTTP connection. The issue stemmed from the misuse of a shared StringBuilder instance within the ProxyProtocolReadListener, specifically during the process of handling requests in the parseProxyProtocolV1 method. This flaw can lead to information leakage, where sensitive data from a preceding request may be inadvertently included in a subsequent response. The consequence is not only potential data exposure but also issues with connection stability, as errors may arise during processing, affecting overall application performance in environments that handle multiple requests concurrently.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0009800000116229057,false,false,false,false,,false,false,2024-08-21T14:13:36.579Z,0
CVE-2024-3653,https://securityvulnerability.io/vulnerability/CVE-2024-3653,Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks,"A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Streams For Apache Kafka",5.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-07-08T21:21:20.899Z,0
CVE-2024-5971,https://securityvulnerability.io/vulnerability/CVE-2024-5971,Undertow Vulnerability Leads to Denial of Service Attack,"A vulnerability exists in Undertow that can lead to a denial of service scenario. This occurs when chunked responses hang after the body is flushed. Although the response headers and body are sent successfully, the client continues to wait for the termination of the chunked response, which does not occur as expected. This behavior is particularly problematic in Java 17 environments utilizing TLSv1.3, as it results in uncontrolled resource consumption on the server side, potentially leaving it vulnerable to service disruption.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-07-08T20:51:29.223Z,0
CVE-2024-1726,https://securityvulnerability.io/vulnerability/CVE-2024-1726,Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service,"A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.",Red Hat,"Red Hat Build Of Quarkus 3.2.11.final,Red Hat Build Of Quarkus",5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-04-25T17:15:00.000Z,0
CVE-2023-5675,https://securityvulnerability.io/vulnerability/CVE-2023-5675,"Quarkus: authorization flaw in quarkus resteasy reactive and classic when ""quarkus.security.jaxrs.deny-unannotated-endpoints"" or ""quarkus.security.jaxrs.default-roles-allowed"" properties are used.","A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.",Red Hat,"Red Hat Build Of Quarkus 2.13.9.final,Red Hat Build Of Quarkus 3.2.9.final,A-MQ Clients 2,Cryostat 2,Openshift Serverless,Red Hat Build Of Optaplanner 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Service Registry,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-04-25T16:15:00.000Z,0
CVE-2024-1132,https://securityvulnerability.io/vulnerability/CVE-2024-1132,Keycloak Flaw Allows Attackers to Bypass Validation and Access Sensitive Information,"A security vulnerability has been identified in Keycloak, where improper URL validation in redirects could enable an attacker to exploit this flaw. This issue particularly affects clients that utilize wildcards in the Valid Redirect URIs field, which could allow malicious requests to bypass intended restrictions. As a result, sensitive information may be accessed without authorization, potentially leading to further attacks. User interaction is necessary to trigger this vulnerability, making it essential for users and administrators to be informed about securing their implementations of Keycloak.",Red Hat,"Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Jboss A-MQ 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",8.1,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-04-17T13:21:19.130Z,0
CVE-2024-2700,https://securityvulnerability.io/vulnerability/CVE-2024-2700,Quarkus-core: leak of local configuration properties into quarkus applications,"A vulnerability exists in the Quarkus core component, where local environment variables prefixed by 'quarkus.*' can be inadvertently inherited by the application during its build process. This occurs when developers or CI environments utilize such variables for testing purposes, like database modifications or TLS certificate trust settings. If these properties are not explicitly overridden in the application code, their presence in the built application can lead to risky behaviors, potentially exposing the application to unintended effects or vulnerabilities. It's important to note that this behavior is limited to the 'quarkus.*' namespace, and application-specific properties remain unaffected.",Red Hat,"Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apicurio Registry 2.6.1 Ga,Red Hat Build Of Quarkus 3.2.12.final,Red Hat Build Of Quarkus 3.8.4.Red Hat,Rhoss-1.33-rhel-8,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus",7,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-04-04T14:15:00.000Z,0
CVE-2024-1300,https://securityvulnerability.io/vulnerability/CVE-2024-1300,Memory Leak in TLS and SNI Support in Eclipse Vert.x Toolkit Allows Attackers to Trigger JVM Out-of-Memory Error,"A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",Red Hat,"Ceq 3.2,Cryostat 2 On Rhel 8,Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Quarkus 3.2.11.final,Rhint Service Registry 2.5.11 Ga,A-MQ Clients 2,Openshift Serverless,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",5.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-04-02T08:15:00.000Z,0
CVE-2024-1023,https://securityvulnerability.io/vulnerability/CVE-2024-1023,Memory Leak Vulnerability in Eclipse Vert.x Toolkit,"A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",Red Hat,"Ceq 3.2,Cryostat 2 On Rhel 8,Mta-6.2-rhel-9,Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Quarkus 3.2.11.final,Rhint Service Registry 2.5.11 Ga,A-MQ Clients 2,Migration Toolkit For Runtimes,Openshift Serverless,Red Hat AMQ Broker 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-03-27T07:51:15.716Z,0
CVE-2024-1979,https://securityvulnerability.io/vulnerability/CVE-2024-1979,Quarkus Vulnerability: Inadvertent Git Credentials Exposure,"A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.",Red Hat,"Quarkus,Red Hat Build Of Quarkus",,,0.00044999999227002263,false,false,false,false,,false,false,2024-03-13T09:41:25.039Z,0
CVE-2024-1635,https://securityvulnerability.io/vulnerability/CVE-2024-1635,Undertow Vulnerability Impacts Wildfly-HTTP-Client Server,"A vulnerability has been identified within Undertow that affects servers utilizing the WildFly HTTP Client protocol. The issue occurs when a malicious actor exploits the behavior of connection handling, causing the server to exhaust its memory and file descriptor limits. This situation arises when a connection is opened and immediately closed at the HTTP port, leading to leaked connections via the WriteTimeoutStreamSinkConduit. Notably, if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener, the connection's outermost layer fails to notify the Undertow conduit of the closure. Consequently, this lack of notification allows the timeout task to continue leaking connections through the XNIO WorkerThread, resulting in a prolonged impact on the server's resource consumption. Organizations are urged to address this vulnerability promptly to safeguard against potential denial-of-service scenarios.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Streams For Apache Kafka",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-02-19T21:23:14.496Z,0
CVE-2024-1459,https://securityvulnerability.io/vulnerability/CVE-2024-1459,Potential Path Traversal Vulnerability in Undertow Could Allow Access to Privileged Files,"A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",5.3,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2024-02-12T20:30:03.768Z,0
CVE-2023-6267,https://securityvulnerability.io/vulnerability/CVE-2023-6267,Quarkus: json payload getting processed prior to security checks when rest resources  are used with annotations.,"A vulnerability exists within the JSON payload processing in Red Hat's REST resources. This flaw arises when annotation-based security is employed. During the processing of the JSON body prior to the evaluation and application of security constraints, the system becomes susceptible to attacks. This issue does not occur with configuration-based security, which ensures that security measures are implemented before the JSON data is deserialized. Such a discrepancy poses a significant risk to the integrity of data handled by affected products.",Red Hat,"Red Hat Build Of Quarkus 2.13.9.final,Red Hat Build Of Quarkus 3.2.9.final,Red Hat Build Of Optaplanner 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Fuse 7",9.8,CRITICAL,0.0007900000200606883,false,false,false,false,,false,false,2024-01-25T18:12:44.771Z,0
CVE-2023-5379,https://securityvulnerability.io/vulnerability/CVE-2023-5379,Undertow: ajp request closes connection exceeding maxrequestsize,"A vulnerability exists in JBoss EAP affecting the handling of AJP requests that exceed the max-header-size attribute. This flaw allows an attacker to trigger an error state in mod_cluster, resulting in JBoss EAP closing the TCP connection and failing to return an AJP response. Attackers can exploit this by repeatedly sending oversized requests, leading to potential Denial of Service situations where legitimate user requests are disrupted.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Fuse 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot",7.5,HIGH,0.0007699999841861427,false,false,false,false,,false,false,2023-12-12T22:15:00.000Z,0
CVE-2023-6394,https://securityvulnerability.io/vulnerability/CVE-2023-6394,Quarkus: graphql operations over websockets bypass,"A flaw exists in Quarkus that allows unauthorized access via websocket requests. When specific role-based permissions are not defined for GraphQL operations, Quarkus processes incoming requests without proper authentication, compromising the security of endpoints intended to be protected. This flaw potentially enables attackers to exploit existing permissions to access sensitive information and functionalities that should otherwise remain restricted.",Red Hat,"Red Hat Build Of Quarkus 2.13.9.final,Red Hat Build Of Quarkus 3.2.9.final",7.4,HIGH,0.001500000013038516,false,false,false,false,,false,false,2023-12-09T02:15:00.000Z,0
CVE-2023-6393,https://securityvulnerability.io/vulnerability/CVE-2023-6393,Quarkus: potential invalid reuse of context when @cacheresult on a uni is used,"A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial ""completion"" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.",Red Hat,"upstream,Red Hat build of Quarkus",5.3,MEDIUM,0.0015999999595806003,false,false,false,false,,false,false,2023-12-06T17:15:00.000Z,0
CVE-2023-1584,https://securityvulnerability.io/vulnerability/CVE-2023-1584,Id and access tokens leak via the authorization code flow,"A security flaw in Quarkus OIDC has been identified, allowing the potential leakage of ID and access tokens when utilizing an insecure HTTP protocol during the authorization code flow. This vulnerability creates avenues for attackers to gain access to sensitive user data either directly from the ID token or by exploiting the access token to interact with OIDC provider services. It is important to note that the access tokens do not store passwords, yet their exposure could still result in significant privacy and security issues.",Red Hat,"quarkus-oidc,Red Hat build of Quarkus,Red Hat Integration Service Registry",7.5,HIGH,0.0012799999676644802,false,false,false,false,,false,false,2023-10-04T11:15:00.000Z,0
CVE-2023-3223,https://securityvulnerability.io/vulnerability/CVE-2023-3223,Undertow: outofmemoryerror due to @multipartconfig handling,"A vulnerability has been identified in Undertow, where servlets annotated with @MultipartConfig may lead to an OutOfMemoryError during processing of large multipart content submissions. This flaw can enable unauthorized users to launch remote Denial of Service attacks. Importantly, if file size thresholds are employed to restrict uploads, attackers can bypass these limits by manipulating the request to set the file name to null, thus exploiting this weakness.",Red Hat,"Red Hat Fuse 7.12.1,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6.5,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Openstack Platform 13 (queens) Operational Tools,Red Hat Process Automation 7,Red Hat Support For Spring Boot",7.5,HIGH,0.011149999685585499,false,false,false,false,,false,false,2023-09-27T15:18:00.000Z,0
CVE-2022-4245,https://securityvulnerability.io/vulnerability/CVE-2022-4245,Codehaus-plexus: xml external entity (xxe) injection,A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.,Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",4.3,MEDIUM,0.0034099998883903027,false,false,false,false,,false,false,2023-09-25T19:20:57.329Z,0
CVE-2022-4244,https://securityvulnerability.io/vulnerability/CVE-2022-4244,Codehaus-plexus: directory traversal,"A directory traversal vulnerability exists within the Codeplex-Codehaus product, enabling attackers to exploit the flaw by using sequences such as 'dot-dot-slash (../)' or absolute file paths. This could allow unauthorized access to sensitive files and directories beyond the designated folder structure. Exploitation of this vulnerability can potentially expose critical resources, including application source code, configuration files, and other sensitive system files, posing significant risks to system security and integrity.",Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",7.5,HIGH,0.001120000029914081,false,false,false,false,,false,false,2023-09-25T19:20:04.703Z,0
CVE-2023-4853,https://securityvulnerability.io/vulnerability/CVE-2023-4853,Quarkus: http security policy bypass,"A vulnerability in Quarkus has been identified where HTTP security policies fail to correctly sanitize certain character permutations in incoming requests. This flaw may lead to the incorrect evaluation of permissions, enabling an attacker to circumvent the security policy. Such exploitation could allow unauthorized access to sensitive endpoints and potentially trigger a denial of service.",Red Hat,"Openshift Serverless 1 On Rhel 8,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus 2.13.8.sp2,Red Hat Camel Extensions For Quarkus 2.13.3-1,Red Hat Openshift Serverless 1.30,Rhel-8 Based Middleware Containers,Rhint Camel-k-1.10.2,Rhint Service Registry 2.5.4 Ga,RHPam 7.13.4 Async,Red Hat Process Automation 7",8.1,HIGH,0.00406000018119812,false,false,false,false,,false,false,2023-09-20T10:15:00.000Z,0
CVE-2023-1108,https://securityvulnerability.io/vulnerability/CVE-2023-1108,Infinite loop in sslconduit during close,"A vulnerability has been identified within Undertow, affecting its SSL Conduit. This flaw stems from an unexpected handshake status update, which can cause an infinite loop, thereby resulting in a Denial of Service. Malicious actors could exploit this vulnerability to prevent legitimate access to the service, leading to disruptions. Users of Undertow are advised to apply the latest patches to mitigate the risk associated with this issue.",Red Hat,"undertow,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9,Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7,Red Hat JBoss Fuse 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7.6 for RHEL 7,Red Hat Single Sign-On 7.6 for RHEL 8,Red Hat Single Sign-On 7.6 for RHEL 9,RHEL-8 based Middleware Containers,Text-Only RHOAR,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Service Registry,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Fuse 6,Red Hat OpenStack Platform 13 (Queens),Red Hat Process Automation 7",7.5,HIGH,0.004100000020116568,false,false,false,false,,false,false,2023-09-14T15:15:00.000Z,0
CVE-2022-1415,https://securityvulnerability.io/vulnerability/CVE-2022-1415,Drools: unsafe data deserialization in streamutils,"A security flaw exists in Drools Core where certain utility classes fail to implement appropriate safety measures during data deserialization. This vulnerability permits an authenticated attacker to craft malicious serialized objects, often referred to as gadgets, which can then lead to unauthorized code execution on the server. Proper safeguards should be implemented to mitigate risks associated with this vulnerability.",Red Hat,"RHPam 7.13.1 Async,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7",8.1,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2023-09-11T20:20:23.745Z,0